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An Introduction to Quantum Algorithms 


1. What are quantum algorithms? 


1 What are quantum algorithms? 

1.1 Background 

The idea of a quantum computer was first proposed in 1981 by Nobel laureate Richard 
Feynman, who pointed out that accurately and efficiently simulating quantum mechanical 
systems would be impossible on a classical computer, but that a new kind of machine, a 
computer itself “built of quantum mechanical elements which obey quantum mechanical 
laws” [1], might one day perform efficient simulations of quantum systems. Classical 
computers are inherently unable to simulate such a system using sub-exponential time 
and space complexity due to the exponential growth of the amount of data required to 
completely represent a quantum system. Quantum computers, on the other hand, exploit 
the unique, non-classical properties of the quantum systems from which they are built, 
allowing them to process exponentially large quantities of information in only polynomial 
time. Of course, this kind of computational power could have applications to a multitude 
of problems outside quantum mechanics, and in the same way that classical computation 
quickly branched away from its narrow beginnings facilitating simulations of Newtoninan 
mechanics, the study of quantum algorithms has diverged greatly from simply simulating 
quantum physicical systems to impact a wide variety of fields, including information 
theory, cryptography, language theory, and mathematics. 

Probably the most widely known development in quantum computation was Peter 
Shor’s 1997 publication of a quantum algorithm for performing prime factorization of 
integers in essentially polynomial time [2], Shor’s algorithm was a monumental discovery 
not only because it provides exponential speedup over the fastest classical algorithms, but 
because a number of algorithms for public-key cryptography, including the commonly used 
RSA algorithm, depend on the fact that there is no known efficient classical algorithm 
to factor integers into prime numbers [3]. Shor demonstrated that the realization of 
a full-scale quantum computer would have the potential to provide a truly significant 
increase in computing speed, at the same time pointing out the possible implications of 
such an increase in computational power to the held of cybersecurity. For both reasons, 
Shor’s discovery sparked a great deal of interest in the design of quantum algorithms and 
computers that endures today. 

In addition to Shor’s algorithm, there is a wealth of other interesting and important 
algorithms that have been developed for quantum computers. Two of those algorithms 
will be described in detail in this tutorial in order to better elucidate the study of quantum 
computing theory and quantum algorithm design. These two algorithms are good models 
for our current understanding of quantum computation as many other quantum algorithms 
use similar techniques to achieve their results, whether they be algorithms to solve linear 
systems of equations [4], or quickly compute discrete logarithms. Shor, for example, 
credits one of these algorithms as the inspiration for his own [2], 
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1.2 Caveats 


The first- algorithm that will be explored in this tutorial is Lov Grover’s quantum 
database search [5]. Grover’s algorithm searches for a specified entry in an unordered 
database, employing an important technique in quantum algorithm design known as 
amplitude amplification to achieve a polynomial speedup over the best classical algo¬ 
rithms. In fact, Grover’s algorithm is optimal for any quantum algorithm for performing 
such a search [6]. Of course, searching for an unique element in an unordered set can 
be generalized to apply to a wide variety of problems in computer science, such as the 
problem of boolean satisfiability (SAT). Determining whether there exists a set of truth 
values that satisfy a given set of clauses is equivalent to searching for an element, the set 
of truth values, that satisfies a certain condition, the set of clauses, in an unordered search 
space, the set of all 2 n possible truth assignments of n boolean variables. Although this 
algorithm does not provide an extreme increase in efficiency over its classical counterparts, 
the speedup is still certainly significant with large input. 

The second algorithm that this tutorial will present is Daniel Simon’s algorithm 
for determining the exclusive-or (XOR) mask over which a given black-box function is 
invariant [7]. Simon’s was the first quantum algorithm found to have exponential speedup 
over any equivalent classical algorithm, and the runtime of his algorithm is optimal [8]. 
Although the problem may at first- seem very abstract, Simon’s problem corresponds 
t-o an important problem with a number of applications in computer science known as 
the hidden Abelian subgroup problem , which includes factoring integers into primes and 
calculating discrete logarithms [9]. 

1.2 Caveats 

Now, if quantum computers are so much faster than classical machines, how is it- that 
their use is not yet widespread? Unfortunately, the engineering required to construct a 
quantum computer is very difficult, although it has come a long way. For example, the 
largest- number that has been factored by a quantum computer using Shor’s algorithm 
is 15, and the circuit was hard-wired to factor only the number 15, not any other input, 
as the algorithm is designed t-o do. To put this in perspective, in order for Shor’s algo¬ 
rithm to break 1024-bit RSA keys, the length currently recommended for corporate use 
[10], the algorithm would have to be applied to a 1024-bit integer, which would require 
a quantum computer orders of magnitude larger than that needed to factor 15 into 5 and 3. 

Engineers continue t-o experiment with many different- physical implementations of 
quantum computers, the details of which are beyond the scope of this tutorial. Currently, 
the most- popular implementation, known as an ion trap quantum computer, works by 
using lasers to change the spin states of supercooled ions trapped in an electromagnetic 
field. This implementation has lead to some of the largest quantum machines, boasting 
registers of up to 8 quantum bits (qubits) [11]. The difficulty faced by all of the architec- 
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tures considered to date is foremost that of creating a machine that is minimally effected 
by its surroundings, while at the same time responsive to control by the engineer, or 
user. The quality of a quantum computer implementation is measured in terms of its 
decoherence, error caused by the inherent coupling of artificial quantum systems to the 
unpredictable natural world that we use to construct them. For example, in the ion trap 
implementation, possible sources of undesirable interference are any electric and magnetic 
fields in the vicinity, including those necessary to operate the machine itself, which can 
cause the ions to change spin states at random and ultimately collapse into a classical 
system [12], Current research focuses on minimizing such sources of decoherence, but 
eliminating decohcrence completely is impossible. So, while it is currently possible to 
decrease decoherence enough to allow for relatively accurate computation on the scale of 
8 qubits, as the number of qubits increases, so does the decoherence, to the extent that 
properly functioning quantum computers with more than 8 qubits have yet to be realized. 

Still, many universities and corporate research centers around the world are working 
to build the first scalable quantum computer, as quantum computation, with its promises 
of speed proven unattainable by classical machines, remains a good candidate for the 
next computational paradigm. Even if general purpose quantum computers might seem 
a long way off, it is likely that small scale quantum computers might soon be used by 
classical computers to perform certain calculations more quickly, such as the calculations 
required to simulate complex biological systems, or to identify the content of a raster 
image for improved web search [13]. For these reasons, it is important to become familiar 
with the basics of quantum computation now in order to be prepared for the quantum 
computational tools that will likely be available in the not so distant future. 

2 Mathematical representation 

2.1 Fundamental differences 

Quantum computers employ the laws of quantum mechanics to provide a vastly different 
mechanism for computation than that available from classical machines. Fortunately 
for computer scientists interested in the held of quantum computing, a deep knowledge 
of quantum physics is not a prerequisite for understanding quantum algorithms, in the 
same way that one need not know how to build a processor in order to design classical 
algorithms. However, it is still important to be familiar with the basic concepts that 
differentiate quantum mechanical systems from classical ones in order to gain a better 
intuitive understanding of the mathematics of quantum computation, as well as of the 
algorithms themselves. 

The first distinguishing trait of a quantum system is known as superposition, or more 
formally the superposition principle of quantum mechanics. Rather than existing in one 
distinct state at a time, a quantum system is actually in all of its possible states at the 
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same time. With respect to a quantum computer, this means that a quantum register 
exists in a superposition of all its possible configurations of 0’s and l’s at the same time, 
unlike a classical system whose register contains only one value at any given time. It is 
not until the system is observed that it collapses into an observable, definite classical state. 

It is still possible to compute using such a seemingly unruly system because probabili¬ 
ties can be assigned to each of the possible states of the system. Thus a quantum system 
is probabilistic: there is a computable probability corresponding to the liklihood that that 
any given state will be observed if the system is measured. Quantum computation is 
performed by increasing the probability of observing the correct state to a sufficiently 
high value so that the correct answer may be found with a reasonable amount of certainty. 

Quantum systems may also exhibit entanglement. A state is considered entangled if 
it cannot be decomposed into its more fundamental parts. In other words, two distinct 
elements of a system are entangled if one part cannot be described without taking the 
other part into consideration. In a quantum computer, it is possible for the probability of 
observing a given configuration of two qubits to depend on the probability of observing 
another possible configuration of those qubits, and it is impossible to describe the 
probability of observing one configuration without considering the other. An especially 
interesting quality of quantum entanglement is that elements of a quantum system may 
be entangled even when they are separated by considerable space. The exact physics of 
quantum entanglement remain elusive even to professionals in the field, but that has not 
stopped them from applying entanglement to quantum information theory. Quantum 
teleportation, an important concept in the field of quantum cryptography, relies on 
entangled quantum states to send quantum information adequately accurately and over 
relatively long distances 1 . 

2.2 Hilbert spaces and Dirac notation 

Before delving into the formal mathematics used to describe quantum algorithms, it is 
important to first become familiar with the notation that is commonly used to describe 
more general quantum mechanical systems, as well as the states of quantum registers. 
This notation is known as Bra-ket or Dirac notation, named after the Nobel laureate Paul 
Dirac. Dirac notation is just another way of describing vectors. In dirac notation: 


v = 


Vo 

V\ 


= |v> 


1 As of May 2010, researchers were able to teleport quantum information over a distance of about 16 
kilometers with 89% accuracy [14]. 
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The column vector |v) is referred to as “ket-v.” The dual vector of |v) has the following 
Dirac notation: 

(v| = v T = [ujj Vi • • • w] 

Where v is the complex conjugate 2 of v. This dual vector is called “bra-u.” 

Dirac notation is a convenient way to describe vectors in the Hilbert space C n , which 
is the vector space that is most useful for reasoning about quantum systems. For the 
purposes of this tutorial 3 , a Hilbert space is a vector space with an inner product , and a 
norm 4 defined by that inner product. The inner product of a vector space is an operation 
that assigns a scalar value to each pair of vectors u and v in the vector space, and the 
inner product of two vectors in a Hilbert space in C n is denoted using the Dirac notation 
(u|v). Thus the inner product (u|v) of two vectors in a complex Hilbert space is given 
by the dot product of the vectors v and u T , the conjugate transpose of u: 


(u|v) = u T v = Uq U\ ... u n 


v 0 

Vl 


= u 0 ■ Vo + Ui ■ Vl + ... + u n ■ v n 


V 


n 


By definition, the inner product satisfies the following conditions: 

1. (v|v) > 0, with (v|v) = 0 if and only if |v) = 0. 

2. (u|v) = (v|u) for all |u), |v) in the vector space. 

3. (u|o:o v + aqw) = ao (u|v) + aq (u|w). 

More generally, the inner product of |u) and Jjjcq l v *) i s equal to ^cq ( u l v *) f° r 

i i 

all scalars cq and vectors |u), |v) in the vector space (this is known as linearity in 
the second argument). 


The norm of a vector |v) in a Hilbert space is defined using the square root of the inner 
product of |v) with itself: 

lll v >ll = V( v l v ) 

2 The notation v* is also often used to denote the complex conjugate, though more so in applied 
sciences such as engineering than in mathematics or computer science. 

3 For finite-dimensional vector spaces, such as the vector space C n with which this tutorial is concerned, 
Hilbert spaces are no different than inner product spaces. Formally, a Hilbert space must be an inner 
product space that is also a complete metric space: the inner product of a Hilbert space H must induce 
a norm such that for all sets of vectors in H , if ^Soll v *ll converges absolutely, then it converges to a 
value in H (every Cauchy sequence converges in H). More intuitively, H must be defined at every point, 
so that calculus is a valid set of operations in H. 

4 The norm is the length of a vector in a vector space, or geometrically, the distance from the origin to 
the point that the vector represents. 
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This norm is also known as the £ 2 -norm, 2-norm or Euclidean norm over the complex 
numbers. Geometrically, this norm gives the distance from the origin to the point |v) 
that follows from the Pythagorean theorem. 

Along with the inner product, the outer product of two vectors can also be defined. 
The outer product, denoted |v) (u| or |v) ® (u|, is the tensor or Kronecker product |v) 
with the conjugate transpose of |u). The result is not a scalar, as with the inner product, 
but a matrix: 


Vo 



V 0 U 0 

M 0 Ml • • 

Vo Vm 

Vi 

b Ui . . 

V>m\ — 

Vi ud 

vi «T • • 

v i a m 

Vn 



V n Ud 

v n ui ■ ■ 

V n U m 


The outer product is often used to describe a linear transformation between vector spaces. 
Rather than using inelegant transformation matrices like the one depicted above, a linear 
transformation from a Hilbert space U to another Hilbert space V on a vector |w) in U 
may be succintly and conveniently described: 

(|v) (u|) |w) = |v) (u|w) = (u|w) |v) 

Since (u|w) is a commutative, scalar value. 

The tensor product, a way of combining vector spaces into larger vector spaces, is 
a very important operation in quantum computation. The tensor product between two 
vectors |u) <g) |v) is so common that it is usually simplified to |u) |v) or |uv), and a vector 
tensored with itself n times is denoted |v) 0, \ Two column vectors |u) and |v) of lengths 
m and n yield a column vector of length m ■ n when tensored: 

m 0 • Vo 
u 0 • Mi 



M 0 


Vo 


M 0 ' V n 

u) v) = uv) = 

Mi 


V\ 

= 

Mi • M 0 


Um 


V n 


Vm— 1 ‘ V n 


Vm ‘ V 0 

U m • V n 

Tensor products are so ubiquitous because they are the mathematical abstraction that 
desribes the interaction between two quantum systems: the vector space describing one 
quantum system tensored with the vector space describing another is the vector space 
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made up of linear combinations of all of the vectors in the two vector spaces. The 
applications of the tensor product to quantum computation will be considered in more 
depth in Section 2.4, which discusses quantum registers, large quantum systems made up 
of their combined smaller qubit counterparts. 

2.3 The qubit 

A classical bit may be represented as a base-2 number that takes either the value 1 or the 
value 0. Qubits are represented in a similar way in that they are also base-2 numbers, and 
they take on the value 1 or 0 when measured and thus collapsed to a classical state. Very 
much unlike classical bits, in its uncollapsed, quantum state, a qubit is in a superposition 
of the measurable values 1 and 0. The most convenient way to mathematically represent 
the state of a qubit at any given time is as a two-dimensional state space in C 2 with 
orthonormal 5 basis vectors |1) and |0). The superposition \if) of a qubit is represented as 
a linear combination of those basis vectors: 

H>) = a 0 |0) + ai |1) 

Where «o is the complex scalar amplitude of measuring |0), and cq the amplitude of 
measuring the value |1). Amplitudes may be thought of as “quantum probabilities” in 
that they represent the chance that a given quantum state will be observed when the 
superposition is collapsed. The most fundamental difference between probabilities of 
states in classical probabilistic algorithms and amplitudes of states in quantum algorithms 
is that amplitudes are represented by complex numbers, while traditional probabilities 
are described by real numbers. Complex numbers are required to fully describe the 
superposition of states and interference or entanglement inherent in quantum systems. 6 
It follows that, as the probabilities of a classical system must sum to 1 in order for the 
probabilities to form a complete probability distribution, the squares of the absolute 
values of the amplitudes of states in a quantum system must similarly add up to 1. 

Of course, just as the hardware underlying the bits of a classical computer may vary 
in voltage, quantum systems are not usually so perfectly behaved. It can be assumed that 
those voltages correspond to discrete boolean values, and a similar assumption is made 
about quantum state vectors that simplifies reasoning about quantum computational 
systems, called the normalization conditon : |^) is a unit vector. This means that 
|||^)|| = = 1, and since |0) and |1) are orthonormal 7 , it follows that |a 0 | 2 + |ai| 2 = 1. 

5 The basis vectors are mutually orthogonal unit vectors. 

6 See [15] for a great discussion by Scott Aaronson of why complex numbers and the 2-norm are used 
to describe quantum mechanical systems. 

'If |0) and |1) are orthonormal, then by orthogonality (011) = (110) = 0, and by normality (010) = 
< 1 | 1 ) = 1 
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Reducing the inner product to its component vectors: 

1 = (0 |0) 

— (on (0| + ai (1|) • (a 0 |0) + a\ |1)) 

— (°o [0oo 0oij + a l [010 011 _| ) ■ 

= [d O 0OO + OiV’lO do0Ol + <3'l'01lJ 

= a o 0ooa o 0oo + ai0ioao0oo + ao0oodi0io + di0iodi0io 
+ a o 0oia o 0oi + ai0 n a o 0 O i + do0oidi0n + a i0n a i0n 
= |«o1 2 (|0oo| 2 + 1^011 2 ) + M 2 (l^iol 2 + IV'llI 2 ) 

+ a lQ'0 (010000 + 0110Ol) + a 0 a l (0oo0io + 0O101l) 

— l a o | 2 + | ai|" 

This derivation is exemplary of the convenience of Dirac notation; the same equivalence 
is made clear in much fewer steps and through much less tedious math in Dirac notation: 

1 = (0|0) 

— (ao <0| + ai (1|) • (ao |0) + a i |1)) 

= |a 0 | 2 (010) + |ai| 2 (111) + aiao (110) + aodi (011) 

— |a 0 | 2 + | ai|" 

Thus the probability of observing a single possible state from the superposition is obtained 
by squaring the absolute value of its amplitude; the probability of the qubit being in the 
state |0) is |ao| 2 , and the probability that the qubit will be measured as |1) is |ai| 2 , or 
1 - |a 0 | 2 . 




+ a i 


0oo 
.■001 

ao0oo + di0io 
ao0oi + di0n 


010 

011 


Remember that the contents of Dirac bras and kets are labels that describe the 
underlying vectors. |0) and |1) may be transformed into any two vectors that form an 
orthonormal basis in C 2 . The most common basis used in quantum computing is called 
the computational basis: 


But any other orthonormal basis could be used. For example, the basis vectors: 



1 +) 


|0) + |1) 
V2 



|QHi) 

y/2 


— \ 1 
V 2 [-1 
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Provide a slightly different but equivalent way of expressing of a qubit: 


— «o |0> + 0'i |1) 

!+) + !-) 


— 0-0 


V2 

O'O T O-i 


+ a 1 


!+>-!-> 


V 2 


V2 


l+) + 


o-o A a 1 

^1“ 


-) 


Here, instead of measuring the states |0) and |1) each with respective probabilities |a.o| 2 
and |ai| 2 , the states |+) and |—) would be measured with probabilities |a 0 + a 1 1 2 /2 and 
|a 0 — ai| 2 /2. Because the computational basis tends to be the most straightforward basis 
for computing and understanding quantum algorithms, the rest of this tutorial will assume 
the computational basis is being used unless otherwise stated. 


2.4 Quantum registers 

It is hard to do any interesting computation with only a single qubit. Like classical 
computers, quantum computers use quantum registers made up of multiple qubits. When 
collapsed, quantum registers are bit strings whose length determines the amount of 
information they can store. In superposition, each qubit in the register is in a superposition 
of |1) and 10), and consequently a register of n qubits is in a superposition of all 2 n possible 
bit strings that could be represented using n bits. The state space of a size-n quantum 
register is a linear combination of n basis vectors, each of length 2”: 

2 n —1 

1 4>n) = tti I*) 

i= 0 

Here i is the base-10 integer representation of a length-n number in base-2. A three-qubit 
register would thus have the following expansion: 

If/b) = o-o |000) + di |001) + a , 2 |010) + a 3 |011) + a 4 1100) + a 5 1101) + a 6 1110) + a 7 |111) 
Or in vector form, using the computational basis: 


T 


"o' 


"o' 


"o' 


"o' 


"o' 


"o' 


"o' 

0 


1 


0 


0 


0 


0 


0 


0 

0 


0 


1 


0 


0 


0 


0 


0 

0 


0 


0 


1 


0 


0 


0 


0 

0 

+ Q] 

0 

+ 0,2 

0 

+ 03 

0 

+ d 4 

1 

+ Cl5 

0 

+ Oq 

0 

+ d 7 

0 

0 


0 


0 


0 


0 


1 


0 


0 

0 


0 


0 


0 


0 


0 


1 


0 

0 


0 


0 


0 


0 


0 


0 


1 
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As mentioned earlier, each possible bit configuration in the quantum superposition is 
denoted by the tensor product of its counterpart qubits. Consider 1101), the bit string 
that represents the integer value 5: 

|101) = |1) ® |0) <g> |1) 



= [0 000010 o] T 

As with single qubits, the squared absolute value of the amplitude associated with a given 
bit string is the probability of observing that bit string upon collapsing the register to 
a classical state, and the the sqares of the absolute values of the amplitudes of all 2 n 
possible bit configuations of an n-bit register sum to unity: 

2 n —1 

£kl 2 = l 

i =0 

Quantum registers are a relatively straightforward extension of quantum bits. 

2.5 Quantum logic gates 

Understanding how quantum registers work mathematically and how they differ from 
classical registers, it is now possible to think about how the state of a quantum register 
can evolve over time, changing to reach some ultimate goal. In classical computing, one 
way of thinking about algorithm design and computation is via universal Turing machines. 
Quantum universal Turing machines were first described by David Deutsch in 1985 [16], 
but designing algorithms for quantum Turing machines is even more difficult and tedious 
than doing so for classical Turing machines; both a quantum Turing machine’s tape 
and its read-write head exist in superpositions of an exponential number states! As in 
classical computer science, instead of using the Turing machine as a computational model, 
operations on a quantum computer are most often described using quantum circuits 
made up of qubits and quantum logic gates, a concept also introduced by Deutsch a few 
years after his specification of the quantum analog to a Turing machine [17]. In classical 
computer science but arguably even more so in quantum computing, although circuits are 
computationally equivalent to Turing machines, they are usually much simpler to depict, 
manipulate and understand. 

In classical computing, binary values, as stored in a register, pass through logic gates 
that, given a certain binary input, produce a certain binary output. Mathematically, 
classical logic gates are described using boolean algebra. Quantum logic gates act in a 
similar way, in that quantum logic gates applied to quantum registers map the quantum 
superposition to another, together allowing the evolution of the system to some desired 
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final state, a correct answer. 

Quantum logic gates are mathematically represented as transformation matrices, or 
linear operators, applied to a quantum register by tensoring the transformation matrix 
with the matrix representation of the register. All linear operators that correspond to 
quantum logic gates must be unitary. That is, if a complex matrix U is unitary, then it 
must be true that U = U\ where W is the conjugate transpose: W = U .It follows 
that UU' = U'U = I. Unitary operators preserve the inner product of two vectors, 
geometrically preserving the lengths of the vectors and the angle between them: 

(u| U ] U |v) = (u| I |v) = (u|v) 

The composition of two unitary operators is also unitary. Given unitary transformation 
matrices U and V: 


( UV) ] = V ] U ] = V^U- 1 = (UV)~ l 

Unitary transformations performed on a single qubit may be visualized as rotations 
and reflections about the x, y, and z axes of the Bloch sphere. All the possible linear 
combinations a 0 |0) + eq |1) in C 2 correspond to all the points (9, if) on the surface of the 
unit sphere, where cio = cos(#/2) and cq = e^sin(#/2): 

\if) = a 0 |0) + ai |1) 

= cos ^ (0) + e 1 ^ sin ^ |1) 

0 9 

= cos - |0) + (cos 0 + i sin<p) sin - |1) 

While circuit diagrams facilitate understanding the flow of operations in quantum 
algorithms and the bigger picture of how they work to produce the solution to a problem, 
the Bloch sphere provides an intuitive reminder of the underlying implementation that 
drives the strange properties that distinguish quantum computing from classical on a 
gate-to-gate basis. In an actual quantum computer, the “wires” of a circuit diagram could 
correspond to a single electron moving through time, and each “gate” a change in the 
pattern of movement of that electron. Since quantum gates are so tightly coupled to their 
underlying quantum mechanical systems, it is important to know how those gates are 
evolving the quantum system to produce a result. 

Although any unitary transformation is a valid elementary operation on a quantum 
computer, there are a small number of frequently used quantum logic gates analagous 
to classical logic gates such as NOT or XOR in the role that they play in the field of 
quantum computing. In fact, any unitary transformation can be performed using a few of 
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z 



Figure 1: The Bloch sphere 


the following gates [18]. One important example is the single-qubit Hadamard operator-. 


TT 

1 

'1 1 ' 

11 

V2 

1 -1 


| 0 ) + | 1 ) 
V2 


< 0 | + 


| 0 )-| 1 ) 

V2 


( 1 | 


Often referred to as a “fair coin flip,” the Hadamard operator applied to a qubit with 
the value |0) or |1) will induce an equal superposition of the states |0) and 11), an equal 
probability of the qubit being in the state |1) or |0) when observed. Many quantum 
algorithms begin by applying the Hadamard operator to each qubit in a register, which 
gives each of the 2 n possible bitwise configurations of the n qubits an equal probability 
of 2~ n of being observed when the system is measured. Geometrically, the Hadamard 
operator performs a rotation of tt/2 about the y axis followed by a rotation about the x 
axis by 7r radians on the Bloch sphere: 

The difference between amplitudes and simple probabilities discussed in Section 2.3 
becomes apparent when operations are applied to quantum systems which may have the 
same probability distributions, but different amplitudes from which those probabilities 
are derived. For example, consider the results of applying the Hadamard transform to |0) 
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z z 




Figure 2: Bloch sphere representation of the Hadamard operator applied to |0) and |1) 


versus |1) : 


H |0> 
H |1) 


|0) + |1) 
V2 

| 0 ) + | 1 ) 
V2 


( 0 | 0 ) + 
( 0 | 1 ) + 


Bifl 

V2 

j0Mi> 

V2 


( 1 | 0 ) 

(111) 


| 0 ) + | 1 ) 
Vi 

| 0 )-| 1 ) 

Vi 


The probability distributions of the two results are exactly the same, the two states 
differing only by the phase of |1). Still, applying the Hadamard transform again on each 
state will result in very different distributions: 


H 


^ m (do) + (no) + M+h> (0 |i) + (1|1) 
| 0 ) + | 1 ) , | 0 > ~| 1 ) 


H 


10 ) ~ 11 ) 
V2 


= | 0 ) 

| 0 ) + | 1 ) 


( 0 | 0 ) + |0 ^ -^ ( 1 | 0 ) - ( 0 | 1 ) - |0 ^ - ^ ( 1 | 1 ) 


2 ' 1 ' 2 
|0) + |1) |0)-|1) 


= | 1 ) 
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2.5 Quantum logic gates 


When the same series of operations is performed on seemingly only slightly differing 
systems, the two systems can, and do, produce critically different results. Amplitudes are 
thus an important distinguishing trait of quantum computers. 

The three Pauli gates, named after yet another Nobel laureate Wolfgang Pauli, are 
also important single-qubit gates for quantum computation. The Pauli-X, -Y, and -Z 
gates correspond to rotations by 7r radians about the x, y, and z axes respectively on the 
Bloch sphere. The Pauli-X gate swaps the amplitudes of |0) and 11): 


z z 




Figure 3: The results of Pauli-X and Pauli-Y gates applied to |0) differ only by phase 



= | 1 > < 0 | + | 0 >( 1 | 


The Pauli-Y gate swaps the amplitudes of |0) and 11), multiplies each amplitude by i, and 
negates the amplitude of 11): 


V — 

"0 -i 

1 

i 0 


= <| 1 )< 0 |-*| 0 ) < 1 | 

And the Pauli-Z gate negates the amplitude of 11), leaving the amplitude of |0) the same: 

= | 1 > < 0 | - | 0 ) ( 1 | 


7 — 

i 

H 

o 

_1 

Zj 

o 

1 

Y-l 
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2.5 Quantum logic gates 


The Pauli-Z gate, altering only the phase of the system, is a special case of the more 
general phase-shift- gate, which does not modify the amplitude of |0) but changes the 
phase of |1) by a factor of e l6 for any value of 6: 



1 0 

0 e ie 


|1> <0|+e"|0> <1| 


The Pauli-Z gate is equivalent to the phase-shift gate with 9 = it. Another special case of 
the phase-shift gate where 6 = 7t/2 is known as simply the phase gate, denoted S, which 
changes the phase of |1) by a factor of i: 



'1 o' 

- s — = 

0 i 


| 1 > ( 0 |+.| 0 )( 1 | 


And the phase-shift gate where 9 = 7r/4 is referred to as the 7t/8 gate, or T: 



1 0 

0 e^ /4 


| 1 > (01 + | 0 > { 1 | 


With the name n/8 coming from the fact that this transformation can also be written as 
a matrix with n/8 along the diagonal: 


1 

0 


0 

e i7r/4 


= e i7r / 8 


e — in/8 

0 


0 

e W8 


Quantum computing also makes use of controlled operations , multi-qubit operations 
that change the state of a qubit based on the values of other qubits. The quantum 
controlled-NOT or CNOT gate swaps the amplitudes of the |0) and |1) basis states of a 
qubit, equivalent to application of the Pauli-X gate, only if the controlling qubit has the 
value 11): 


control 


target 


\ c ) 
1 1) 




\ c ) 

1 1 © c) 


But controlled operations are not restricted to conditional application of the Pauli-X gate; 
Any unitary operation may be performed: 


control 

target 


\ c ) 
1 1) 


U 


I c) 

U c \t) 
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With the matrix representation: 


10 0 0 
0 10 0 
0 0 a:oo x 10 
0 0 a: 0 i X\\ 


And Dirac equivalent: 

100) (001 + |01) (01| + x 00 110) (101 + xoi 110) (11| + x 10 |H> (10| + x n |11) (11| 

In fact, controlled operations are possible with any number n control qubits and any 
unitary operator on k qubits. The Toffoli gate is probably the most well-known of these 
gates. Also known as the controlled-controlled-NOT gate, the Toffoli gate acts on three 
qubits: as the alternative name would suggest, two control qubits and one target. If both 
control qubits are set, then the amplitudes of the target qubit are flipped: 


I Cl) 
|C2> 

! t) 


-1 

_ t 

1- 

1 

I 

—€ 

w 

}— 


I Cl) 
|C2> 


\t © Cl • c 2 ) 


The Toffoli gate, originally devised as a universal, reversible classical logic gate by 
Tommaso Toffoli [19], is especially interesting because depending on the input, the gate 
can perform logical AND, XOR, NOT and FANOUT operations, making it universal for 
classical computing. Since quantum computing is reversible 8 , the reversible Toffoli gate is 
a valid transformation not only on classical circuits, but also of quantum circuits, implying 
that quantum computation is at least as powerful as classical computation. The Dirac 
representation of the 3-qubit Toffoli gate is a bit unwieldy, but the matrix representation 
is fairly straightforward: 


T 

0 

0 

0 

0 

0 

0 

o' 

0 

1 

0 

0 

0 

0 

0 

0 

0 

0 

1 

0 

0 

0 

0 

0 

0 

0 

0 

1 

0 

0 

0 

0 

0 

0 

0 

0 

1 

0 

0 

0 

0 

0 

0 

0 

0 

1 

0 

0 

0 

0 

0 

0 

0 

0 

0 

1 

0 

0 

0 

0 

0 

0 

1 

0 


Understanding qubits, quantum registers, and the quantum gates that act on them, it 

8 All evolution in a quantum system can be described by unitary matrices. All unitary transformations 
are invertible, and thus all quantum computation is reversible. 
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is possible to begin understanding quantum algorithms. One last mathematical formality 
remains: how to describe the computational complexity of quantum systems. After all, 
it’s hard to assert that a quantum algorihm can solve a problem faster than a classical 
algorithm with no way of quantifying and comparing the computational complexity. 

2.6 Computational complexity 

In order to begin to understand the possible power of quantum computing, it helps to 
look at the computational power of quantum computers in relation to their classical 
counterparts. Remember that problems in P are decision problems that can be solved in 
polynomial time by a deterministic Turing machine. The equivalent for space efficiency, 
the set of decision problems that can be solved by a Turing machine 9 using polynomial 
space, is referred to as PS PACE. NP problems, on the other hand, are those that require 
a nondeterministic Turing machine in order to be solved efficiently, and so exponential 
time on a deterministic machine. The class of NP-complete problems, abbreviated NPC, 
consists of the hardest problems in NP. Every problem in NP can be reduced to a problem 
in NPC. If one NPC problem was found to be in P, then all of the problems in NP 
would also be in P, proving the long-open problem of whether P = NP. Most theoretical 
computer scientests believe that P 7 ^ NP, but nobody has been able to successfully prove 
the conjecture either way. 

There is another important complexity class called BPP: Bounded-error Probabilistic 
Polynomial time. BPP describes decision problems that can be solved in polynomial 
time by a probabilistic Turing machine, with a chance that the solution could be wrong. 
Probabilistic Turing machines are those with “the ability to flip coins in order to make 
random decisions” [ 20 ], machines with direct access to some source of truly random input. 
The downside to using randomness in an algorithm is that it often means that there will 
be a chance that the algorithm will produce an incorrect result. In BPP, the error of 
the solution is bounded in that the probability that the answer is correct must, be at 
least two-thirds. More formally, if the answer to the decision problem is “yes,” then at 
least two-thirds of the possible computational paths must accept, and if the solution is 
“no,” then at most one-third can accept 10 . Although there are currently problems solvable 
in BPP that are not in P, the number of such problems has been decreasing since the 
introduction of BPP in the 1970’s. While it is not yet been proven whether P C BPP, it 
is conjectured that P = BPP [21, 22], 

Quantum computation introduces a number of new complexity classes to the polyno¬ 
mial hierarchy. Probably the most studied complexity class is Bounded-error Quantum 
Polynomial time, or BQP. BQP is the quantum extension of BPP: the class of decision 

9 Savitch’s theorem states that a deterministic Turing machine requires only quadratically more space 
to solve the same problems as a nondeterministic Turing machine; PSPACE = NPSPACE. 

10 In terms of accepting paths, P and NP require that if the answer is “yes,” there must be at least one 
accepting path, and no accepting path otherwise. 
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problems solvable in polynomial time by an innately probabilistic quantum Turing ma¬ 
chine, with the same error constraint as defined for BPP. Unlike BPP, it is suspected 
that P C BQP [24], which would mean that quantum computers are capable of solving 
some problems in polynomial time that cannot be solved efficiently by a classical Turing 
machine! The conjectured relationships between all of these complexity classes, as well as 
some of the biggest problems known to be in each class, are depicted in Figure 4. 

3 Grover’s Algorithm 

3.1 Quantum search 

As discussed earlier, Grover’s algorithm performs a search over an unordered set of N = 2 n 
items to find the unique element that satisfies some condition. While the best classical 
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algorithm for a search over unordered data requires O(N) time 11 , Grover’s algorithm 
performs the search on a quantum computer in only (){\fN) operations, a quadratic 
speedup. As Grover himself notes, if the algorithm were to run in a finite power of O(lgiV) 
steps, then it would provide an algorithm in BQP for problems in NPC [5]. However, 
Grover’s algorithm does not provide such a runtime, and is an asymptotically optimal 
solution, so no definitive statement can be made about the relationship between the 
complexity classes BQP and NP based on the performance of Grover’s algorithm. 


Grover’s search algorithm is a good introduction to quantum algorithms because it 
demonstrates how the qualities of quantum systems can be used to improve upon the 
lower runtime bounds of classical algorithms. In order to achieve such a speedup, Grover 
relics on the quantum superposition of states. Like many quantum algorithms, Grover’s 
begins by putting the machine into an equal superposition of all possible 2” states of the 
n-qubit register. Remember that means there is an equal amplitude of I/a/ 2” associated 
with every possible configuration of qubits in the system, and an equal probability of 1/2” 
that the system will be in any of the 2” states. All of these possible states correspond 
to all the possible entries in Grover’s database, and so starting with equal amplitudes 
assigned to each element in the search space, every element can be considered at once in 
a quantum superposition, and amplitudes can be manipulated from there to produce the 
correct entry in the database with a probability of “at least” 1/2 [5]. 


Along with the superposition of states, Grover’s algorithm, and more generally the 
family of quantum algorithms that use what is known as amplitude amplification , exploit 
the qualities of quantum amplitudes that differentiate those amplitudes from simple 
probabilities. The key to these algorithms is the selective shifting of the phase of one state 
of a quantum system, one that satisfies some condition, at each iteration. Performing 
a phase shift of n is equivalent to multiplying the amplitude of that state by —1: the 
amplitude for that state changes, but the probability of being in that state remains the 
same (since the probability disregards the sign of the amplitude). However, subsequent 
transformations performed on the system take advantage of that difference in amplitude 
to single out that state of differing phase and to ultimately increase the probability of 
the system being in that state. Such sequences of operations would not be possible if 
the amplitudes did not hold that extra information regarding the phase of the state 
in addition to the probability. These amplitude amplification algorithms are unique to 
quantum computing because of this quality of amplitudes that has no analog in classical 
probabilities. 


n Reftesher: assuming uniform probability distribution that any of the n items is the correct item in a 
given search, an average of Pfi- = 0(n ) probes will be required in order to find the correct item on a 
classical computer. With a uniform distribution, the probability that any given item is the correct one is 
A In order to calculate the average number of probes necessary to find the correct item in the array, we 
find the weighted average of the number of probes required to find the correct item in each of its possible 

n n 

positions, from the first position probed to the n th : n 

i= 1 i= 1 


n(n+1) 
2 


_ n+1 

— 2 ' 
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3.2 Grover’s algorithm: How it works 

Grover’s algorithm begins with a quantum register of n qubits, where n is the number of 
qubits necessary to represent the search space of size 2 n = N, all initialized to |0): 

|0)® n = |0) (1) 

The first step is to put the system into an equal superposition of states, achieved by 
applying the Hadamard transform H 0n , which requires O(lgiV) = 0(lg2 n ) = @(n) 
operations, n applications of the elementary Hadamard gate: 

W = |0)®“ = -L \x) (2) 

v ^ x=0 

The next series of transformations is often referred to as the Grover iteration , and performs 
the amplitude amplification mentioned earlier, the bulk of the algorithm. The Grover 
iteration will be repeated |\/2” times. According to Grover [5], in order to achieve optimal 
probability that the state that we ultimately observe is the correct one, we want the overall 
rotation of the phase to be | radians, which will occur on average after |\/2™ iterations. 
The first step in the Grover iteration is a call to a quantum oracle, O, that will modify the 
system depending on whether it is in the configuration we are searching for. An oracle is 
basically a black-box function, and this quantum oracle is a quantum black-box, meaning 
it can observe and modify the system without collapsing it to a classical state, that will 
recognize if the system is in the correct state. If the system is indeed in the correct state, 
then the oracle will rotate the phase by n radians, otherwise it will do nothing, effectively 
marking the correct state for further modification by subsequent operations. Remember 
that such a phase shift leaves the probability of the system being correct state the same, 
although the amplitude is negated. Quantum oracle implementations will often use an 
extra scratch qubit, but in this implementation the extra qubit is unnecessary, so the 
oracle’s effect on x) may be written simply: 

\x) ^ (-l) /(a;) \x) (3) 

Where f(x) — 1 if x is the correct state, and ffx) = 0 otherwise. The exact implementa¬ 
tion of f{x) is dependent on the particular search problem. 

Grover refers to the next part of the iteration as the diffusion transform, which 
performs inversion about the average, transforming the amplitude of each state so that 
it is as far above the average as it was below the average prior to the transformation, 
and vice versa. This diffusion transform consists of another application of the Hadamard 
transform H® n , followed by a conditional phase shift that shifts every state except |0) by 
— 1, followed by yet another Hadamard transform. The conditional phase shift can be 
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represented by the unitary operator 2 | 0 ) ( 0 | — /: 

[2 0 ) <0 — /] 0 ) — 2 0 ) ( 0 | 0 ) — 7 — | 0 ) (4a) 

[210) (0| - /] \x) = 2 |0) (0|x) - / = - |z) (4b) 

Giving the entire diffusion transform, using the notation \if) from equation 2: 

H 0n [2 |0) (0| - I] H 0n = 2 H 0n |0) (0| H® n - I = 2 \ijj) {ijj\ - I (5) 

And the entire Grover iteration: 

[2 If/’) (f/’l — IjO (6) 


In considering the runtime of the Grover iteration, the exact runtime of the oracle 
depends on the specific problem and implementation, so a call to O is viewed as one 
elementary operation. The total runtime, then, of a single Grover iteration is 0(2n), 
from the two Hadamard transforms, plus the cost of applying 0(n ) gates to perform 
the conditional phase shift [12], is 0(n). It follows that the runtime of Grover’s entire 
algorithm, performing 0(y/ r N) = = 0 ( 2 ?) iterations each with a runtime of 0(n ), 

is 0 ( 2 ?). 


diffusion transform 


| 0 > 

| 1 > 



repeat O(VN) ~ \\fN times 

Figure 5: Circuit diagram for Grover’s algorithm, with a scratch qubit for the oracle [25]. 


Once the Grover iteration has been performed an adequate number of times, a classical 
measurement is performed to determine the result, which will be correct with probability 
0 ( 1 ) completing the execution of the algorithm. 

Grover’s algorithm is summarized nicely in [ 12 ] as follows: 

Input: 

• A quantum oracle O which performs the operation O |rr) = (_i)/(*> |x) , where 
f(x ) = 0 for all 0 < x < 2 ” except xq, for which f(x o) = 1 . 

• n qubits initialized to the state | 0 ) 
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Output: Xo 

Runtime: OQ/ 2”) operations, with 0(1) probability of success. 

Procedure: 

1. |O) 0 ” initial state 


2 . 


H® n | 0 )« 



2 n —l 


1^) = 1^) 

x=0 


apply the Hadamard transform to all qubits 


3. [(2 \fj) (fj\ - I)0] R |^) « \x 0 ) 


apply the Grover iteration R 


— times 
4 


4. x 0 


measure the register 


3.3 Grover’s algorithm: Worked example 

Consider a system consisting of N = 8 = 2 3 states, and the state we are searching for, xq, 
is represented by the bit string Oil: 


To describe this system, n — 3 qubits are required, represented as: 


x) = a 0 |000) +aq |001)+o 2 |010)+u 3 |011)+a 4 |100) + a 5 |101) + a 6 |110)+a 7 |1H) (7) 


where cq is the amplitude of the state |i). Grover’s algorithm begins with a system 
initialized to 0 : 

11000 ) ( 8 ) 

and then apply the Hadamard transformation to obtain equal amplitudes associated with 
each state of 1 /a /N = l/y/8 = l/2\/2, and thus also equal probability of being in any of 
the 8 possible states: 


h3 |000> = 2H |000> + ^ |001> + "' + V7S l ln > = E W = M 0) 


2V2 


2V2 




A geometric interpretation of the amplitudes of states is a useful way of better visualizing 
how this algorithm works. Since the amplitudes remain real throughout the execution 
of Grover’s algorithm, they may be visualized as lines perpendicular to an axis whose 
lengths are proportional to the amplitude they represent. The equal superposition of 
states resulting from the first Hadamard transform appears as follows: 
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| 000 ) | 001 ) | 010 )| 011 )| 100 )| 101 )| 110 ) | 111 ) 


1 

2 V 2 


It is optimal to now perform 2 Grover iterations in order to obtain the solution: 
f \/8 = ^y/2 = Ia/2 « 2.22, which rounds to 2 iterations. 


In each iteration, the first step is to call the quantum oracle O, then perform inversion 
about the average, or the diffusion transform. The oracle query will negate the amplitude 
of the state |xo), in this case 1011 ), giving the configuration: 


*> = ^ l°°°) + ^ l° 01 > + 


2V2 


2V2 


2^2 


| 010 ) 


^ 1011 ) + ... + ^ 1111 ) 


And the geometric representation: 


( 10 ) 


"[ r I r r - ""] r a * ~ eh 

---1---- L 

a| 011) = 

| 000 ) | 001 ) | 010 )| 011 )| 100 )| 101 ) | 110 ) | 111 ) 


Now, perform the diffusion transform 2 \ip) (gp\ — I, which will increase the amplitudes by 
their difference from the average, decreasing if the difference is negative: 


[2 lt/ ; ) (V'l -i\ k) 
= [2|V’)(V’I ~I\ I i 

= 2 |^) (?/#) - W) 


| 011 ) 


—= \if) (^| 011 ) + 


2\[2 
2 

72 


1 

71 


| 011 ) 


( 11 a) 

(lib) 

(11c) 

(lid) 


Note that = 87 ^ 

we can use the identity (^lOll) = (OilIV 7 ) = 7 a : 


2 V 2 


= 1 . Additionally, since 1011) is one of the basis vectors, 


= W - i IV-) + A ion) 

= > + 7 |011> 


(lie) 

(Ilf) 

(Hg) 
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Substituting from Equation 9 gives: 


2 [2V2 5 H + |0U> 

tut) 

4y-& + > n)+ > u) 

(in) 




(iij) 


Xy^S 


In the notation used earlier: 

1115 1 

M = 1000) + —= |001) + —= 1010) + —= 1011) + ...+ —= |111) (Ilk) 


4-J2 4,V2 

Which appears geometrically as: 


4^2 


4^/2 


Ay/2 


a \ x ) 


5 

4\/2 


1 - - 

4\/2 _ L 


Oiip 


| 000 ) | 001 ) | 010 ) | 011 )| 100 )| 101 )| 110 )| 111 ) 


1 

2V2 


This completes the first iteration. We apply the same two transformations in the second 
iteration, giving: 


x) 


1 

4V2 

|000) + 

4^ |0 ° 1> + 

1 

4V2 

Ew- 

x=0 

5 

4\/2 

|011) 


# 7^3 



1 

4V2 

tw- 

x=0 

6 

4-J2 

|011) 

> 

3 

2^2 

|011) 




5 

4-J2 


| 011 ) + ...+ 



(12a) 

(12b) 

(12c) 

(12d) 
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after the oracle query, and after applying the diffusion transform: 

3 


[2 


= 2 - 
2 


1 

1 

1 

1 


I) 


2^2 


| 011 ) 


7#) - 2 


1 

2 


3 

71 


A) 


+ 


2y/2 

3 


<#)11) + —= |011) 


2^2 


2^2 


| 011 ) 


+ 


2V2 


| 011 ) 


2V2^ 0 

x^3 


I] 17 


2\[2 


| 011 ) 


2\[2 


| 011 ) 


11 

8^2 


^ ion) 


Or in the expanded notation: 


|x) = 


1 


1 


11 


| 000 ) - —= 1001 ) - —= 1010 ) + —= 1011 ) - ... - 


8V2 ' ' 8V2 1 ' 8V2 1 ' 8V2 

Geometrically, the success of the algorithm is clear: 


“I 011 ) - 8%2 


8V2 


(111) 


(13a) 

(13b) 

(13c) 

(13d) 

(13e) 

(13f) 


(13g) 


a \x) 


n,.. , A ; 2 

— 1 1 1 1 1 1 1 1 

832 

| 000 ) | 001 ) | 010 ) | 011 ) | 100 ) | 101 ) | 110 ) | 111 ) 


Now when the system is observed, the probability that the state representative of the 
corrct solution, |011), will be measured is d-!_|~ = 121/128 ~ 94.5%. The probability 

of hnding an incorrect state is |^7| = 7/128 ~ 5.5%; Grover’s algorithm is more than 
17 times more likely to give the correct answer than an incorrect one with an input size 
of N = 8, and the error only decreases as the input size increases. Although Grover’s 
algorithm is probabilistic, the error truly becomes negligible as N grows large. 
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4 Simon’s Algorithm 

4.1 Black-box period finding 

Simon’s problem is, given a function 

/: { 0 , 1 }"->{ 0 , 1 }" 

that is known to be invariant under some n-bit XOR mask a, determine a. In other words, 
determine a given: 

f(x) = f(y ) *—+ X © y e {0 n , a} 

This problem was one of the first problems for which a quantum algorithm was found to 
provide exponential speedup over any classical algorithm: the best classical algorithms, 
including probabilistic ones, require an exponential 0(2 n / 2 ) queries to the black-box 
function in order to determine a. Simon’s quantum algorithm solves this problem in 
polynomial time, performing an optimal 0(n) queries [8]. 

This algorithm is a good example of the type that might soon be used in conjunction 
with classical computation. Even though quantum computers are capable of computing 
all the same problems as a classical computer, it will not necessarily make sense to use 
quantum computers to do so while quantum technology is still young and pricey. Simon’s 
algorithm requires some processing at the end, solving a system of linear equations, in 
order to determine the final solution. The system could be solved by a quantum computer, 
and even exponentially more quickly than by a classical machine [4]. But, there are 
polynomial-time classical algorithms for solving linear systems of equations that might 
be preferred if quantum computing time is expensive, as will probably be true for any 
quantum computing resources that become available in the near future. While a quantum 
computer could be very beneficial for solving problems that would take exponential time 
on a classical computer, problems that can be solved efficiently on a classical computer 
might be better left to the classical machine, whose resources are cheap and deterministic. 

Both Simon’s algorithm and Shor’s well-known prime factorization algorithm solve a 
similar problem: given a function /, find the period a of that function. While Simon’s 
problem uses exclusive-OR to define the period, Shor’s uses binary addition as the con¬ 
straint on /. These problems are more restricted cases of what is known as the hidden 
subgroup problem, which correspond to a number of important problems in computer 
science. In addition to the specific uses of the Abelian hidden subgroup problem that Shor 
and Simon’s algorithms address, any formulation of the Abelian hidden subgroup problem 
can be solved by a quantum computer requiring a number of operations logarithmic in 
the size of the group [12]. 

The more general hidden subgroup problem is harder to solve. Analogous to the graph 
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isomorphism problem, which is determining whether two finite graphs are isomorphic, and 
some shortest vector problems in lattices, finding the shortest nonzero vector in a vector 
space, both of which have a number of applications to cryptography and other areas in 
computer science. Currently no polynomial-time algorithms have been devised to solve 
this problem [9]. If a new quantum algorithm were found to solve the hidden subgroup 
problem, or even just another special case of this problem, it would be a breakthrough in 
quantum computing similar to Shor’s discovery. 

4.2 Simon’s algorithm: How it works 


| 0 > 

| 0 > 



Figure 6: Circuit diagram for one iteration of Simon’s algorithm [26] 


Given a function acting on n-bit strings, Simon’s algorithm begins by initializing two 
n-bit registers to 0: 

| 0 )®n | Q ^n ( 14 ) 

Then applying the Hadamard transform to the first register to attain an equal superposition 
of states: 

Han 1°) l°> = -4 E W 1°) (is) 

* 1 rre{0,l} n 

Next, the given oracle function f(x) is queried on both the registers. The oracle is 
implemented as a unitary operation that performs the transformation Oft x \ |x) \y) = 
|x) | f(x) © y). When the oracle is called on the registers in the configuration described 
above, the result will be no change to the first register, and f(x) stored in the second 
register, since f(x)®0 = f(x): 


-4 E mi/m) do 

V/ xe{o,i}" 

Now the second register is measured. There are two possible cases to consider in de¬ 
termining the impact of that measurment on the first register: either the XOR mask 
a = 0 n or a = {0, l} n . If a = 0", then / is injective: each value of x corresponds to a 
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unique value f(x). This means that the first register remains in an equal superposition; 
Regardless of the measured value of f(x), x could be any bit string in {0, l} n with equal 
probability. On the other hand, if a = {0, l} n , measuring the second register determines 
a concrete value of f(x), call it f(z), which limits the possible values of the first register. 
By the definition of the function fix), there are exactly two possible values of x such that 
f(x) = f(z ): z and z © a. The state of the first register after measuring the second is 
thus reduced to an equal superposition of those two values: 


1 

71 


z) + 



(17) 


Since there will be no more operations on the second register, further calculations will 
focus only on the first register. 


The next step is to isolate the information about a that is now stored in the first 
register. This can be done by applying the Hadamard transform again. Remember that 
the Hadamard transform may be defined using the bitwise dot product x ■ y as: 

H °"\ X ) = f= y. (is) 

ye{o,i} n 


Using this notation, the result of applying a second Hadamard operation is: 


n 


1 | . 1 . , 

, — 1 = \z) H—T= z © a) 

Lv^ y/2 


=J_ H ® n \z) + \z © a) 

y/2 y/2 


1 

: 71 


^£{0,1}” 


dp E +4 4 E (-D'^'Uy) 

V ^ „rfn lln V" V ^ .,rfn lln 


ye{0,l}- 


E [(-i)"+(-i) w 1i?/) 


ye{0,l} n 


(19a) 

(19b) 

(19c) 

(19d) 


1 

V2 n+1 


E 

ye{0,l} n 


7_1 y-v _|_ 


(19e) 


E (-ini + t-iriw (i«) 

ye{o,i} n 

Now the value of the first register is measured. In the degenerate case where a = 0” (/is 
injective), a string will be produced from {0, l} n with uniform distribution. 

In the case where x (By / 0”, notice that either a-y — 0 or a-y = l. If a ■ y — 1, then 


Page 30 of 35 



An Introduction to Quantum Algorithms 


4-2 Simon’s algorithm: How it works 


Equation 19f becomes: 

1 V (_i r [ 1 +(_!).] |„) = 1 V (-!)*« [0]|„> (20a) 

v yG{0,l}" V ye{0,l} n 

= 0 I y) (20b) 

The amplitude, and thus probability, that a value of y such that a ■ y — 1 is equal to 0, 
and so such a y will never be measured. Knowing that it will always be true that a - y = 0, 
Equation 19f can be simplified: 

1 V (-1)- [1 + (-!)»] |„> = ^ E (-1)** l»> C21 & ) 

v ye{o,i} n V ye{0,l} n 

= £ (- 1 )^ l^> < 21b > 

V ye{o,i} n 

When a ^ 0”, the result of measuring the first register after performing Simon’s algorithm 
will always produce a string y G {0, l} n : a ■ y = 0. From Equation 21a, the amplitude 
associated with each value y is equal to ±V2 1_n , giving the probability: 


l 

of observing any of the strings y such that a ■ y — 0, a uniform distribution over the 2 n_1 
strings that satisfy a ■ y — 0. 

If Simon’s algorithm is executed n — 1 times, n — 1 strings rq, y 2 , ■ ■ ■, y n - i £ {0, l} n 
can be observed, which form a system of n — 1 linear equations in n unknowns of the 
form: 




')n— 1 


( 22 ) 


y I’d — y U ai + |/12®2 + • • • + yin^n — 0 
lj‘2 ■ a — yutti + |/22®2 + • • • + 2/2n«n = 0 


yn— 1 ' O — U(n— 1)1^1 y(n— 1)2®2 H - • • • "b |/(n— l)n®n — 0 

To find a from here is just a matter of solving for the n unknowns, each a bit in a, in order 
to determine a as a whole. Of course, this requires a system of n — 1 linearly independent 
equations. 

The probability of observing the first string y 0 is 2 1 " n . After another iteration of 
Simon’s algorithm, the probability of observing another distinct bit string would be 
1 — 2 1-n . The probability of observing n — 1 distinct values of y in a row, and so a lower 
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bound on the probability of obtaining n — 1 linearly independent equations, is: 



n= 1 


l 

2 n 


.2887881 > 


1 

4 


(23) 


So a linearly independent system of n — 1 equations, and from there the value of a, can 
be obtained by repeating Simon’s algorithm no more than An times. Simon’s algorithm 
requires only 0(n) queries to / in order to determine a, while classical algorithms require 
exponential time. 


4.3 Simon’s Algorithm: Worked example 

Now a worked example with n — 3, a — 110, and f(x) defined by the following table: 


X 

f(x) 

000 

101 

001 

010 

010 

000 

Oil 

110 

100 

000 

101 

110 

110 

101 

111 

010 


First, two 3-bit registers are initialized to |O) 03 : 

|000)|000) (24) 

Then the Hadamard transform is applied to the first register to obtain an equal superpo¬ 
sition of states: 

H® 3 |000} |000} = -1= ^ \x) |000) (25) 

a, e { 0 ,l}3 

Next, the oracle f(x) is queried, giving: 

A E Ml/M> (26) 

a;e{0,l} 3 

And then the second register is measured, collapsing the first register to: 

-h| z ) + T| z ffill0) (27) 
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Then a second Hadamard transform is applied to the first register: 


H 5 
1 


1 , . 1 . 

, —p \z) H— 7 = z © 110 ) 

X (-ir [i + (-i) 11 © \ V ) 

y£{0,l} n 


(28) 

(29) 


From here, 3 — 1 = 2 observations can be made such that a ■ y — 0. Observations y\ = 001 
and y 2 = 000 lead to the system of equations: 


ciQGq(Z 2'001 — 0(o 0 ) © 0 (cq) © 1 ( 02 ) — 0 
■ 000 = 0(a 0 ) © 0(ai) © 0 ( 02 ) = 0 


With two possible solutions a = 000 or a = 110. Thus Simon’s algorithm provides the 
unique nonzero solution a = 110, which is in fact the XOR mask associated with the 
function / defined above. 


5 Conclusion 

Many of the more interesting quantum algorithms, such as quantum simulated annealing 
or quantum Bayesian networks, require a much more thorough understanding of the 
underlying math. Still, with the new quantum paradigm looming in the distance, it 
no longer makes sense for quantum computation to be ignored in the undergraduate 
computer science curriculum. Hopefully, the study of quantum algorithms will soon 
be commonplace. Until then, this tutorial at least demonstrates that simple quantum 
algorithms are not beyond the understanding of the average undergraduate computer 
science student, providing a gentle introduction to the basics of quantum computation to 
the undergraduate population. 
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